Support allowed hosts for migrations to work with proxy (#32025)
authorJason Song <i@wolfogre.com>
Wed, 11 Sep 2024 05:47:00 +0000 (13:47 +0800)
committerGitHub <noreply@github.com>
Wed, 11 Sep 2024 05:47:00 +0000 (05:47 +0000)
modules/hostmatcher/http.go
services/migrations/http_client.go
services/migrations/migrate.go
services/webhook/deliver.go

index c743f6efb3b1bd6c80d3056dac797efbb94c059c..8828902034ac8093eb5494108524818b20cfd5ef 100644 (file)
@@ -13,11 +13,7 @@ import (
 )
 
 // NewDialContext returns a DialContext for Transport, the DialContext will do allow/block list check
-func NewDialContext(usage string, allowList, blockList *HostMatchList) func(ctx context.Context, network, addr string) (net.Conn, error) {
-       return NewDialContextWithProxy(usage, allowList, blockList, nil)
-}
-
-func NewDialContextWithProxy(usage string, allowList, blockList *HostMatchList, proxy *url.URL) func(ctx context.Context, network, addr string) (net.Conn, error) {
+func NewDialContext(usage string, allowList, blockList *HostMatchList, proxy *url.URL) func(ctx context.Context, network, addr string) (net.Conn, error) {
        // How Go HTTP Client works with redirection:
        //   transport.RoundTrip URL=http://domain.com, Host=domain.com
        //   transport.DialContext addrOrHost=domain.com:80
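Review bot: The doc comment on `NewDialContext` still describes only the allow/block list check and does not mention the new `proxy` parameter, which every caller must now pass. The function body continues outside this hunk, so the exact handling is not visible here, but a non-nil proxy presumably lets connections to the proxy address bypass the list check, and that exemption should be documented. I would add a line such as `// If proxy is non-nil, dialing the proxy's own address is permitted; pass nil when the Transport connects to targets directly.`, adjusting the wording to what the body does. It is also worth stating that in the proxied case this dialer sees only the proxy address, so the final destination has to be checked elsewhere.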
index 9e3caec191f2dfbcf747d1a466abc75170780c69..0b997e08f4b4a26c43d5adf4e9945f42305d34be 100644 (file)
@@ -24,6 +24,6 @@ func NewMigrationHTTPTransport() *http.Transport {
        return &http.Transport{
                TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Migrations.SkipTLSVerify},
                Proxy:           proxy.Proxy(),
-               DialContext:     hostmatcher.NewDialContext("migration", allowList, blockList),
+               DialContext:     hostmatcher.NewDialContext("migration", allowList, blockList, setting.Proxy.ProxyURLFixed),
        }
 }
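Review bot: `setting.Proxy.ProxyURLFixed` is passed to the dialer here without the `setting.Proxy.Enabled` check that the removed block in services/migrations/migrate.go applied before allow-listing the proxy host. If `ProxyURLFixed` can be non-nil while the proxy is disabled (the settings loader is not visible here), the dialer would still treat that host as a proxy and might exempt it from the allow/block check. Consider passing nil unless the proxy is enabled, for example by building the argument with `if setting.Proxy.Enabled { dialProxy = setting.Proxy.ProxyURLFixed }`. Please also confirm that the migration target is still matched against allowList/blockList before the request when a proxy is used, since the dial then reaches only the proxy. The webhook transport passes its matcher into `webhookProxy(...)`, whereas `proxy.Proxy()` here takes none.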
index 21bdc68e732087f44c98dd681f6e61ce7161c2a1..d0ad6d0139a9508922c4ce0d027aff997c8bb3e7 100644 (file)
@@ -499,9 +499,5 @@ func Init() error {
        // TODO: at the moment, if ALLOW_LOCALNETWORKS=false, ALLOWED_DOMAINS=domain.com, and domain.com has IP 127.0.0.1, then it's still allowed.
        // if we want to block such case, the private&loopback should be added to the blockList when ALLOW_LOCALNETWORKS=false
 
-       if setting.Proxy.Enabled && setting.Proxy.ProxyURLFixed != nil {
-               allowList.AppendPattern(setting.Proxy.ProxyURLFixed.Host)
-       }
-
        return nil
 }
index b2c0a73784d949bc1f04c9be2d23293a4ede38c1..4707602cdf49726452fc9e01b46dde8b1361c668 100644 (file)
@@ -303,7 +303,7 @@ func Init() error {
                Transport: &http.Transport{
                        TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
                        Proxy:           webhookProxy(allowedHostMatcher),
-                       DialContext:     hostmatcher.NewDialContextWithProxy("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
+                       DialContext:     hostmatcher.NewDialContext("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
                },
        }